File: 08-reset-tpm-structures.patch

Author: David Smith <dds@google.com>
Description: Reset TPM data structures on init, not just logout.
Forwarded: http://sourceforge.net/tracker/download.php?group_id=128009&atid=710344&file_id=391513&aid=3073688
Bug: http://sourceforge.net/tracker/index.php?func=detail&aid=3073688&group_id=128009&atid=710344
Bug-Ubuntu: https://launchpad.net/bugs/645576
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603104
---
 usr/lib/pkcs11/tpm_stdll/tpm_specific.c |   29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

Index: opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
===================================================================
--- opencryptoki.orig/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ opencryptoki/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -143,6 +143,22 @@ int not_initialized = 0;
 CK_BYTE current_user_pin_sha[SHA1_HASH_SIZE];
 CK_BYTE current_so_pin_sha[SHA1_HASH_SIZE];
 
+static void
+clear_internal_structures()
+{
+	hSRK = NULL_HKEY;
+	hPrivateLeafKey = NULL_HKEY;
+	hPublicLeafKey = NULL_HKEY;
+	hPrivateRootKey = NULL_HKEY;
+	hPublicRootKey = NULL_HKEY;
+
+	memset(master_key_private, 0, MK_SIZE);
+	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
+	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
+
+	object_mgr_purge_private_token_objects();
+}
+
 CK_RV
 token_specific_rng(CK_BYTE *output, CK_ULONG bytes)
 {
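Review bot: clear_internal_structures() overwrites hSRK, hPrivateRootKey and hPublicRootKey with NULL_HKEY without unloading or closing them first, so on a path where the TSS context stays open the keys may remain loaded with no handle left to release them. This is inferred, because the callers' context handling is outside the hunk. The helper should either release the handles itself or state its precondition in a comment, for example `/* Caller must already have unloaded any loaded keys; this only forgets the handles and wipes the cached master key and PIN hashes. */`. The empty parameter list would also be better written as `clear_internal_structures(void)` so the definition acts as a prototype.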
@@ -310,7 +326,7 @@ token_wrap_sw_key(int size_n, unsigned c
 {
 	TSS_RESULT result;
 	TSS_HPOLICY hPolicy;
-	static TSS_BOOL get_srk_pub_key = TRUE;
+	TSS_BOOL get_srk_pub_key = TRUE;
 	UINT32 key_size;
 
 	key_size = util_get_keysize_flag(size_n * 8);
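Review bot: Dropping `static` from `get_srk_pub_key` makes the flag TRUE on every call, and nothing in the hunk records why, so a later reader may restore the cache as an optimisation. A one-line comment would prevent that, for example `/* not static: hSRK is reset by clear_internal_structures(), so a cached "already fetched" flag would go stale */`. The rest of token_wrap_sw_key is outside the hunk; if the flag is now only ever read as TRUE there, the variable is redundant and the branch on it can be removed.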
@@ -1752,16 +1768,11 @@ token_specific_logout()
 {
 	if (hPrivateLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPrivateLeafKey);
-		hPrivateLeafKey = NULL_HKEY;
 	} else if (hPublicLeafKey != NULL_HKEY) {
 		Tspi_Key_UnloadKey(hPublicLeafKey);
-		hPublicLeafKey = NULL_HKEY;
 	}
 
-	memset(master_key_private, 0, MK_SIZE);
-	memset(current_so_pin_sha, 0, SHA1_HASH_SIZE);
-	memset(current_user_pin_sha, 0, SHA1_HASH_SIZE);
-
+	clear_internal_structures();
 	return CKR_OK;
 }
 
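Review bot: token_specific_logout still unloads only one leaf key because of the `else if`, but clear_internal_structures() now resets both hPrivateLeafKey and hPublicLeafKey. Before this change each branch cleared only its own handle, so a loaded public leaf key kept its handle when the private one was unloaded; now it is forgotten without a Tspi_Key_UnloadKey call. Making the second branch an independent test, `if (hPublicLeafKey != NULL_HKEY)`, unloads both before the handles are dropped. The result of Tspi_Key_UnloadKey is also ignored in both branches, so a failed unload is silently followed by discarding the handle.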
@@ -2159,6 +2170,7 @@ token_specific_final()
                 return CKR_FUNCTION_FAILED;
         }
 
+	clear_internal_structures();
 	return CKR_OK;
 }
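Review bot: The new `clear_internal_structures();` call sits after the early `return CKR_FUNCTION_FAILED;`, so when the preceding call fails, the master key and the cached PIN hashes are left in memory and the key handles keep their old values. Nothing visible in the hunk makes the wipe depend on that call succeeding, so it should run on both paths: either move `clear_internal_structures();` ahead of the call that can fail, or repeat it in the error branch before returning. The start of token_specific_final and the failing call itself are outside the hunk, so the right placement needs checking against the full function.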